Skip to content

Update go patch dependencies#256

Open
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/go-patch-dependencies
Open

Update go patch dependencies#256
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/go-patch-dependencies

Conversation

@red-hat-konflux

@red-hat-konflux red-hat-konflux Bot commented Nov 20, 2025

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
cel.dev/expr v0.25.1v0.25.2 age confidence
github.com/42wim/httpsig v1.2.3v1.2.4 age confidence
github.com/cloudflare/circl v1.6.3v1.6.4 age confidence
github.com/conforma/crds/api v0.1.7v0.1.11 age confidence
github.com/docker/docker-credential-helpers v0.9.3v0.9.8 age confidence
github.com/fxamacker/cbor/v2 v2.9.0v2.9.2 age confidence
github.com/go-openapi/jsonreference v0.21.5v0.21.6 age confidence
github.com/google/go-containerregistry v0.21.0v0.21.7 age confidence
github.com/mattn/go-colorable v0.1.14v0.1.15 age confidence
github.com/mattn/go-isatty v0.0.20v0.0.22 age confidence
github.com/vbatts/tar-split v0.12.2v0.12.3 age confidence
go.yaml.in/yaml/v2 v2.4.3v2.4.4 age confidence
google.golang.org/protobuf v1.36.10v1.36.11 age confidence

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Release Notes

google/cel-spec (cel.dev/expr)

v0.25.2

Compare Source

What's Changed

New Contributors

Full Changelog: cel-expr/cel-spec@v0.25.1...v0.25.2

42wim/httpsig (github.com/42wim/httpsig)

v1.2.4

Compare Source

cloudflare/circl (github.com/cloudflare/circl)

v1.6.4: CIRCL v1.6.4

Compare Source

What's Changed

New Contributors

Full Changelog: cloudflare/circl@v1.6.3...v1.6.4

docker/docker-credential-helpers (github.com/docker/docker-credential-helpers)

v0.9.8

Compare Source

What's Changed

  • update to go1.26.4
  • wincred: inline label, and append to existing
  • build(deps): bump actions/checkout from 6.0.2 to 6.0.3
  • build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1
  • build(deps): bump crazy-max/.github/.github/workflows/zizmor.yml from 1.7.1 to 1.10.0
  • build(deps): bump docker/bake-action from 7.1.0 to 7.2.0
  • build(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0
  • build(deps): bump docker/setup-qemu-action from 4.0.0 to 4.1.0

Full Changelog: docker/docker-credential-helpers@v0.9.7...v0.9.8

v0.9.7

Compare Source

What's Changed

  • update to go1.26.3
  • ci: update zizmore action to v1.7.1

Full Changelog: docker/docker-credential-helpers@v0.9.6...v0.9.7

v0.9.6

Compare Source

What's Changed

  • update to go1.25.9
  • secretservice: allow building on openbsd
  • wincred: minor cleanups
  • Dockerfile: document build-args
  • Dockerfile: update golangci-lint to v2.11
  • Dockerfile: update xx to v1.9.0
  • ci: set default permissions and timeouts
  • ci: update actions
  • ci: pin actions by sha
  • ci: add zizmor workflow

Full Changelog: docker/docker-credential-helpers@v0.9.5...v0.9.6

v0.9.5

Compare Source

What's Changed

  • build(deps): bump actions/checkout from 5 to 6 #​395
  • build(deps): bump actions/upload-artifact from 4 to 6 #​398
  • build(deps): bump softprops/action-gh-release from 2.3.3 to 2.4.1 #​391
  • build(deps): bump softprops/action-gh-release from 2.4.1 to 2.5.0 #​397
  • Dockerfile: remove redundant DEBIAN_FRONTEND=noninteractive #​404
  • Dockerfile: update golangci-lint to v2.8 #​402
  • gha: update some actions to ubuntu 24.04 #​401
  • update to go1.25.2 #​392
  • update to go1.25.5 #​399

Full Changelog: docker/docker-credential-helpers@v0.9.4...v0.9.5

v0.9.4

Compare Source

What's Changed

  • update to go1.25.1 #​387
  • wincred: fix unsafe uintptr usage to be GC-safe on go1.25 #​386
  • gha: add macos-15-intel, remove macos-13 (deprecated) #​384
  • deb: Dockerfile: update to debian bookworm, ubuntu jammy (22.04) #​385
  • Dockerfile: update xx to v1.7.0 #​383
  • Dockerfile: update golangci-lint to v2.5 #​386
  • Dockerfile: merge build stages #​249
  • build(deps): bump github.com/danieljoos/wincred v1.2.3 #​388
  • build(deps): bump softprops/action-gh-release from 2.2.1 to 2.3.2 #​373
  • build(deps): bump actions/checkout from 4 to 5 #​376
  • build(deps): bump actions/setup-go from 5 to 6 #​377
  • build(deps): bump actions/github-script from 7 to 8 #​378
  • build(deps): bump softprops/action-gh-release from 2.3.2 to 2.3.3 #​379

Full Changelog: docker/docker-credential-helpers@v0.9.3...v0.9.4

fxamacker/cbor (github.com/fxamacker/cbor/v2)

v2.9.2

Compare Source

This release refactors and hardens the streaming encoder by adding stricter checks for encoding CBOR indefinite-length data. Other changes include minor bugfixes, defensive checks, and more tests.

Projects that don't use CBOR indefinite-length data may also want to upgrade (summary of prior releases).

The stricter checks in the encoder prevent improper use of the library and bad inputs from producing malformed CBOR indefinite-length data that would be rejected by the decoder.

This release passed fuzz tests (billions of execs) and it is production quality.

What's Changed
  • Reject encoding indefinite-length map with odd item count by @​fxamacker in #​764
  • Reject encoding indefinite-length data item as a chunk inside indefinite-length byte string or text string by @​fxamacker in #​765
  • Make TagSet.Remove a no-op when contentType is nil by @​fxamacker in #​766
  • Refactor indefinite-length encoding and improve chunk validation during encoding by @​fxamacker in #​767
  • Add more tests, fix a nit in unreachable panic message, update docs & ci by @​fxamacker in #​768
CI / GitHub Actions and Docs
🔎 Details...

Full Changelog: fxamacker/cbor@v2.9.1...v2.9.2

v2.9.1

Compare Source

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the keyasint feature

These changes only affect Go struct fields tagged with keyasint:

  • [Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #​757)
  • [Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR #​757)
  • [Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR #​757)
🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

  • [Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR #​753)
  • [Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR #​753)
  • [Encoding] Reject encoding nil inside indefinite-length strings (PR #​750)
  • [Diagnostic] Accept valid U+FFFD replacement character (PR #​753)
What's Changed
CI / GitHub Actions and Docs
🔎 Details...

New Contributors

Full Changelog: fxamacker/cbor@v2.9.0...v2.9.1

go-openapi/jsonreference (github.com/go-openapi/jsonreference)

v0.21.6

Compare Source

0.21.6 - 2026-05-31

Full Changelog: go-openapi/jsonreference@v0.21.5...v0.21.6

21 commits in this release.


Documentation
Code quality
Miscellaneous tasks
Updates

People who contributed to this release

jsonreference license terms

License

google/go-containerregistry (github.com/google/go-containerregistry)

v0.21.7

Compare Source

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.21.6...v0.21.7

v0.21.6

Compare Source

What's Changed

New Contributors

Full Changelog: google/go-containerregistry@v0.21.5...v0.21.6

v0.21.5

Compare Source

What's Changed

Full Changelog: google/go-containerregistry@v0.21.4...v0.21.5

v0.21.4

Compare Source

What's Changed

  • go.mod: do not make a viral mi

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux red-hat-konflux Bot requested a review from a team as a code owner November 20, 2025 01:18
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update module go.uber.org/zap to v1.27.1 fix(deps): update module go.uber.org/zap to v1.27.1 - autoclosed Nov 24, 2025
@red-hat-konflux red-hat-konflux Bot closed this Nov 24, 2025
@red-hat-konflux red-hat-konflux Bot deleted the konflux/mintmaker/main/go-patch-dependencies branch November 24, 2025 05:28
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update module go.uber.org/zap to v1.27.1 - autoclosed fix(deps): update module go.uber.org/zap to v1.27.1 Nov 24, 2025
@red-hat-konflux red-hat-konflux Bot reopened this Nov 24, 2025
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-patch-dependencies branch from b6f56fc to 30a162b Compare November 24, 2025 09:29
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update module go.uber.org/zap to v1.27.1 fix(deps): update module go.uber.org/zap to v1.27.1 - autoclosed Nov 24, 2025
@red-hat-konflux red-hat-konflux Bot closed this Nov 24, 2025
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update module go.uber.org/zap to v1.27.1 - autoclosed fix(deps): update module go.uber.org/zap to v1.27.1 Nov 24, 2025
@red-hat-konflux red-hat-konflux Bot reopened this Nov 24, 2025
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-patch-dependencies branch from 929449f to 30a162b Compare November 24, 2025 17:42
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update module go.uber.org/zap to v1.27.1 fix(deps): update module go.uber.org/zap to v1.27.1 - autoclosed Nov 30, 2025
@red-hat-konflux red-hat-konflux Bot closed this Nov 30, 2025
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update module go.uber.org/zap to v1.27.1 - autoclosed fix(deps): update module go.uber.org/zap to v1.27.1 Nov 30, 2025
@red-hat-konflux red-hat-konflux Bot reopened this Nov 30, 2025
@snyk-io

snyk-io Bot commented Nov 30, 2025

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-patch-dependencies branch from 30a162b to c5392d3 Compare December 8, 2025 21:24
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update module go.uber.org/zap to v1.27.1 fix(deps): update go patch dependencies Dec 8, 2025
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-patch-dependencies branch 9 times, most recently from 7417dd1 to b328f10 Compare December 19, 2025 01:26
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-patch-dependencies branch 2 times, most recently from 6d48d79 to 9ecebe7 Compare December 19, 2025 21:23
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update go patch dependencies chore(deps): update module google.golang.org/protobuf to v1.36.11 Feb 12, 2026
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module google.golang.org/protobuf to v1.36.11 fix(deps): update go patch dependencies Feb 13, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-patch-dependencies branch from 1806ea3 to cf7c2e1 Compare February 13, 2026 17:41
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update go patch dependencies chore(deps): update module google.golang.org/protobuf to v1.36.11 Feb 16, 2026
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module google.golang.org/protobuf to v1.36.11 fix(deps): update go patch dependencies Feb 16, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-patch-dependencies branch from cf7c2e1 to 82070ff Compare March 2, 2026 14:08
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update go patch dependencies fix(deps): update module go.uber.org/zap to v1.27.1 Mar 2, 2026
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update module go.uber.org/zap to v1.27.1 fix(deps): update go patch dependencies Mar 2, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-patch-dependencies branch from 82070ff to 342a36d Compare March 2, 2026 18:33
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-patch-dependencies branch from 342a36d to 3bcdb7f Compare March 14, 2026 22:34
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update go patch dependencies chore(deps): update module google.golang.org/protobuf to v1.36.11 Mar 14, 2026
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module google.golang.org/protobuf to v1.36.11 fix(deps): update go patch dependencies Mar 15, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-patch-dependencies branch 2 times, most recently from b4cf8f7 to da36885 Compare March 18, 2026 18:04
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update go patch dependencies chore(deps): update module google.golang.org/protobuf to v1.36.11 Mar 19, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-patch-dependencies branch 2 times, most recently from 3199389 to fa9e52c Compare March 19, 2026 10:41
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module google.golang.org/protobuf to v1.36.11 fix(deps): update go patch dependencies Mar 19, 2026
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update go patch dependencies chore(deps): update module google.golang.org/protobuf to v1.36.11 Mar 31, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-patch-dependencies branch from fa9e52c to 6c5e8e9 Compare March 31, 2026 06:44
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module google.golang.org/protobuf to v1.36.11 fix(deps): update go patch dependencies Mar 31, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-patch-dependencies branch 3 times, most recently from a9f05d7 to 2bbd8d6 Compare April 4, 2026 10:30
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update go patch dependencies chore(deps): update module google.golang.org/protobuf to v1.36.11 Apr 4, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-patch-dependencies branch from 2bbd8d6 to 0bcf42a Compare April 4, 2026 14:19
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module google.golang.org/protobuf to v1.36.11 fix(deps): update go patch dependencies Apr 4, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/go-patch-dependencies branch from 0bcf42a to 918d41f Compare April 12, 2026 14:17
@red-hat-konflux

red-hat-konflux Bot commented May 13, 2026

Copy link
Copy Markdown
Contributor Author

ℹ️ Artifact update notice

File name: e2e-tests/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 13 additional dependencies were updated

Details:

Package Change
github.com/docker/cli v29.2.1+incompatible -> v29.5.3+incompatible
github.com/go-openapi/jsonpointer v0.22.5 -> v0.23.1
github.com/go-openapi/swag/jsonname v0.25.5 -> v0.26.0
github.com/klauspost/compress v1.18.4 -> v1.18.6
golang.org/x/crypto v0.48.0 -> v0.53.0
golang.org/x/mod v0.33.0 -> v0.37.0
golang.org/x/net v0.50.0 -> v0.56.0
golang.org/x/oauth2 v0.35.0 -> v0.36.0
golang.org/x/sync v0.19.0 -> v0.21.0
golang.org/x/sys v0.42.0 -> v0.46.0
golang.org/x/term v0.41.0 -> v0.44.0
golang.org/x/text v0.34.0 -> v0.38.0
golang.org/x/tools v0.42.0 -> v0.46.0

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants